Articles about Malware

Sync'n'steal: Hackers brew Android-targeting Windows malware

Internet Igors have stitched together the first strain of Windows malware that can hop over and infect Android smartphones and tablets. The Droidpak mobile banking trojan exploits syncing between smartphones and Windows PCs to jump from a compromised PC onto an Android device. The Windows Trojan downloads a malicious .APK file …
John Leyden, 27 Jan 2014

Zoom out for a view of malware, say boffins

One of the reasons malware gets past corporate defences is that a single HTTP request can look perfectly innocent. However, according to research to be presented at a security conference next week, those requests reveal themselves if the defender takes a “big picture” view. According to research to be presented at the Internet …

Malware! tainted! ads! infect! thousands! of! Yahoo! users!

Thousands of Yahoo! users have been exposed to malware through malicious advertisements over the past few days, according to research by Dutch security firm Fox-IT. Malware-tainted ads served from ads.yahoo.com were shown to victims in Romania, Great Britain and France, infecting tens of thousands every hour. The first infection …
John Leyden, 06 Jan 2014

Flappy Bird's ANIMATED CORPSE may spread malware PLAGUE

Cybercrooks have been quick to latch onto the hype about Flappy Bird's demise by laying a variety of malware-based traps. Counterfeit Flappy Bird Android apps packing malware have been spotted all over the web, with sightings by both Trend Micro and Sophos, among others. Trend warns that counterfeit copies of the mobile game …
John Leyden, 12 Feb 2014

NSA installed '50,000 malware sleeper cells' in world computer networks

America's NSA had established an army of "sleeper cells" – malware-infected, remote-controllable computers – on 50,000 networks by the middle of 2012. That's according to the latest leaks from whistleblower Edward Snowden. Dutch newspaper NRC Handelsblad reports that the elite NSA TAO (Tailored Access Operations) hacking squad …
John Leyden, 25 Nov 2013

Feds indict nine for making millions from Zeus malware

The FBI and the US Department of Justice have unsealed charges against nine people accused of racketeering, computer fraud, aggravated identity theft, and multiple counts of bank fraud related to their use of the Zeus malware against victims in the state of Nebraska. "The 'Zeus' malware is one of the most damaging pieces of …
Iain Thomson, 14 Apr 2014

Government-built malware running out of control, F-Secure claims

A surprising number of governments are now deploying their own custom malware – and the end result could be chaos for the rest of us, F-Secure's malware chief Mikko Hyppönen told the TrustyCon conference in San Francisco on Thursday. "Governments writing viruses: today we sort of take that for granted but 10 years ago that would …
Iain Thomson, 28 Feb 2014

Cops cuff 4 in £1m banking fraud malware case

Four people have been arrested and £80,000 in cash seized as part of a Met Police investigation into the theft of an estimated £1m from UK banks using malware. Two men, both aged 31, and two women aged 24 and 27, were arrested on suspicion of conspiracy to defraud and conspiracy to launder money during raids on properties in …
John Leyden, 12 Dec 2013

Bank-raid ZeuS malware waltzes around web with 'valid app signature'

A variant of the bank-account-raiding ZeuS Trojan is masquerading as a legit Windows app using a valid digital signature – and packs a rootkit to burrow deep into victims' PCs. It appears miscreants have somehow gained access to the private signing key belonging to a Microsoft-registered third-party developer in Switzerland, and …
John Leyden, 05 Apr 2014

Malware-flinging Linksys vulnerability confirmed as a HNAP1 bug

The worm called “The Moon”, which began spreading between Linksys home broadband kit last week, has been confirmed as a problem with the devices' HNAP1 implementation, and an exploit has been made public. The exploit was posted to Exploit-db.com by user Rew, who said this Reddit discussion meant the “cat's out of the bag”. …

That toolbar you downloaded is malware? Tough, read the EULA

Security software vendor Malwarebytes has highlighted what it says is an increasing trend for malware authors to embed Bitcoin mining into things like browser toolbar helpers and search agents. That's not so new, but its latest observation is that the malware-peddlers are trying to tie up suckers with their license agreements. …

Use MediaWiki and hate malware? This patch is for you

Check Point Software Technologies has announced a remote code execution bug in the popular MediaWiki platform that powers Wikipedia. As detailed here: “Your MediaWiki installation is affected by a remote code execution vulnerability if you have enabled file upload support for DjVu (natively supported by MediaWiki) or PDF files ( …

Russian SpyEye author pleads guilty to starting malware onslaught

Russian national Aleksandr Andreevich Panin has pleaded guilty to charges of banking and wire fraud for his role in developing the SpyEye Trojan, which used botnets of enslaved computers to harvest financial credentials from internet users around the world. "The apprehension of Mr. Panin means that one of the world's top …
Iain Thomson, 29 Jan 2014

NHS website hit by MASSIVE malware security COCKUP

Hundreds of URLs on the NHS website have been flooded with malware by hackers and - at time of writing - it remains exposed. The security blunder was first spotted early this morning and an alert was posted on Reddit along with a list of 587 pages said to have been compromised on the www.nhs.uk site. The Register put calls in …
Kelly Fiveash, 03 Feb 2014

First China banned Bitcoin. Now its crooks are using malware to steal traders' wallets

Cybercrooks have developed a strain of malware that actively targets BTC China and other Bitcoin exchanges. A Zeus P2P/Gameover variant discovered by Trusteer is designed to steal the passwords of traders in the virtual currency. A blog post by the IBM-owned transaction security firm (extract below) explains that the malware is …
John Leyden, 19 Dec 2013

Two million TERRIBLE PASSWORDS stolen by malware attackers

Researchers have uncovered a massive cache of stolen account credentials which could impact some two million users. Security firm Trustwave said that its SpiderLabs reconnaissance team has detected a malware operation which has been able to pilfer account credentials on infected machines and build an archive of lifted passwords …
Shaun Nichols, 04 Dec 2013

Fine! We'll keep updating WinXP's malware sniffer after April, says Microsoft

Microsoft has capitulated to the legions of users who are still running Windows XP once again, by extending support for its antimalware software for the aging OS into 2015. In the past, Redmond has warned that it would discontinue support for Microsoft Security Essentials, Forefront Client Security, Forefront Endpoint Protection …
Neil McAllister, 16 Jan 2014

Rare AutoCAD malware rigs drafting machines for follow-up attacks

Security researchers have discovered a rare strain of AutoCAD malware that opens up compromised machines to secondary exploits. ACM/SHENZ-A poses as a legitimate component of AutoCAD software for computer-aided design (CAD). But analysis by security researchers at Trend Micro has revealed that the malicious file opens up systems …
John Leyden, 25 Nov 2013

Russia charges 'criminal organization' behind Blackhole malware kit

The Russian government has charged a group of people with organized crime offenses related to the creation and use of the Blackhole malware kit. Word first leaked out via Europol in October that a man going by the alias "Paunch", who was suspected of being the creator of the infamous crimeware tool, had been arrested in Russia …
Neil McAllister, 06 Dec 2013

Android malware spotted hitching a ride on mobile botnet

Kaspersky Lab has reported the first sighting of mobile malware (Android, of course) that piggybacks on the back of a separate mobile botnet and uses the resources of other malware once it's installed. "For the first time malware is being distributed using botnets that were created using completely different mobile malware," …
Iain Thomson, 06 Sep 2013
The Register breaking news

'BadNews is malware' says outfit that found it

The BadNews malware debate continues to be batted back and forth, with Lookout, the company that first raised the alarm, maintaining that it is malware in the face of Google's assertion last week that it had seen no malicious activity associated with apps carrying the malware. In conversation with The Register, Lookout's …

Run for the tills! Malware infected Target registers, slurped 40m bank cards

Target today claimed malware infected its cash registers, which allowed crooks to siphon off copies of 40 million credit and debit cards. Chief executive Gregg Steinhafel said point-of-sale (POS) systems were compromised by a software nasty, which harvested sensitive banking information from customers' magstripes. The …
Shaun Nichols, 14 Jan 2014

New fear: Worm that ransacked US military PCs was blueprint for spies' super-malware

A mystery worm that burrowed into US military computers to steal secrets six years ago may have inspired the development of subsequent government-grade malware Red October, Turla, Flame and Gauss. Researchers at Kaspersky Lab reached this conclusion after finding similarities between Agent.btz – the worm that attacked in 2008 – …
John Leyden, 12 Mar 2014

Taiwan bids to bolster security with free malware database

Taiwan’s National Centre for High-Performance Computing (NCHC) has launched what it claims to be the world’s first free malware database designed to help businesses, academics and researchers better identify and defend against criminally-coded attacks. The centre, one of the 11 which comprise Taiwan’s National Applied Research …
Phil Muncaster, 02 Sep 2013

Norks seed online games with malware in fiendish DDoS plot

South Korea’s National Police Agency (NPA) is warning users not to download unofficial online games as they may contain malware designed by the North to compromise machines which can then be used to launch DDoS attacks on the country. The malware in question collects the location data and IP address and sends them to overseas …
Phil Muncaster, 25 Oct 2013

Deadly Spanish train disaster exploited by malware mail scumbags

This week's Spanish train disaster, in which at least 80 people were killed after a speeding train derailed, is being exploited by internet pondlife to spread malware. Security outfit Dynamoo spotted email spam that links to what's claimed to be a CNN news story. Marks who click the URL end up on a hacked website riddled with …
John Leyden, 26 Jul 2013

Amazon's public cloud fingered as US's biggest MALWARE LAIR

Amazon's public cloud is the largest haven of malware spreaders in the US, according to security company Solutionary. The claims are in the outfit's "Quarterly Threat Intelligence Report" [PDF], which uses data from Solutionary's ActiveGuard Security and Compliance Platform. It was published on Wednesday. "Malware and, more …
Jack Clark, 16 Jan 2014

File-NUKING Cryptolocker PC malware MENACES 'TENS of MILLIONS' in UK

The infamous Cryptolocker malware, which encrypts your computer files and demands a payment of £534 ($860) to unlock them, may have been sent to "tens of millions" of Brits, Blighty's crime-busters warned today. According to an alert from the UK National Crime Agency (NCA), a fresh round of ransomware-loaded spam posing as bank …
Shaun Nichols, 15 Nov 2013

Secret ROYAL BABY birth VIDEO leaked! (And other malware scams)

It's the moment malware writers worldwide have been waiting ages for: millions of royal-watchers at home and at work will be in front of their computers, hunting for the first pictures of the soon-to-be-born third heir to the throne. The Duchess of Cambridge's labour has started, it was confirmed this morning. The baby, whatever …
John Leyden, 22 Jul 2013

NSA's TURBINE robot can pump 'malware into MILLIONS of PCs'

The latest batch of top-secret intelligence documents from the hoard collected by NSA whistleblower Edward Snowden detail the massive increase in the agency's use of its Tailored Access Operations (TAO) hacking unit – including a system dubbed TURBINE that can spam out millions of pieces of sophisticated malware at a time. The …
Iain Thomson, 12 Mar 2014

Prison Locker: A load of überhyped malware FUD over... internet chatter

An underground advert seeking help in developing a file-encrypting ransomware kit that might be sold for just $100 a go sparked something of a panic on the interwebs this week. But security watchers are yet to see any samples of the so-called Prison Locker ransomware, leading at least two security firms to characterise the …
John Leyden, 10 Jan 2014

US Labor Dept website serving malware to innocent visitors

The US Department of Labor's website has been hacked and malicious code stuck behind the scenes, security tools firm AlienVault says. Since yesterday, the DoL site has been serving out malicious code that installs malware on unsuspecting users' computers, AlienVault's labs director Jaime Blasco told The Register. The DoL said …
Team Register, 01 May 2013

Airports' passport controls SHUT DOWN by 'malware' - report

Border control systems at both of Istanbul's main airports were thrown into chaos last Friday following a suspected malware outbreak. The Istanbul provincial security directorate’s PolNet database system temporarily broke down on 26 July, affecting systems at both Atatürk and Sabiha Gökçen International airports. The snafu …
John Leyden, 31 Jul 2013

Malware-flingers do it back-to-front : scaM snaps, spans Macs

Miscreants have brewed up an exceptionally sneaky strain of Mac malware that uses back-to-front trickery to disguise its true nature. Janicab, which is written in Python, takes advantage of the right-to-left (RTL) U202E Unicode character to mask the malicious file’s real extension. The U202E marker applies a right-to-left …
John Leyden, 16 Jul 2013

Mac malware found with valid developer ID at freedom conference

The annual Oslo Freedom Conference, where activists meet to share tips on advancing human rights, has thrown up an unusual piece of Apple OS X malware. At a workshop covering how to secure your hardware against government intrusion, security researcher Jacob Appelbaum discovered the code on a laptop owned by an Angolan human …
Iain Thomson, 17 May 2013

Malware culprit fingered in mysterious Tor traffic spike

Security researchers believe they have identified the botnet responsible for a recent spike in traffic on the anonymizing Tor network, but the exact purpose of the malware remains unclear. On Friday, security firm Fox-IT called out the culprit as a variant of a botnet sometimes known as "Mevade.A", which has been making the …
Neil McAllister, 09 Sep 2013

Earn £8,000 a MONTH with bogus apps from Russian malware factories

Just 10 professionally run malware-making workshops in Russia are responsible for 30 per cent of the Trojans, spyware and other nasties infecting smartphones globally. That's according to a study by mobile security outfit Lookout. These underground crime labs churn out DIY kits ideal for scriptkiddies looking to make a fast buck …
John Leyden, 05 Aug 2013

Scared yet, web devs? Google smears malware warnings over PHP.net

Google's Safe Browsing technology is blocking access to PHP.net as a precaution, after apparently detecting that some of its pages were booby-trapped with links to malicious software. The move put warning blocks in the way of accessing a site that's widely used by web developers. Google didn't specify the types of Trojans …
John Leyden, 24 Oct 2013

Malware linked to Chinese hackers aims at Japanese government

Malware researchers at Seculert say they've found two more cases of highly targeted malware coming out of China, and claim to have back-traced it to the same geographical region that was fingered as the source of the Project Aurora attacks. "It's using a similar MO – infected PDFs sent out as part of a spear-phishing campaign," …
Iain Thomson, 05 Mar 2013

Security boffins say music could trigger mobile malware

Security researchers have discovered that specific music, lighting, vibrations or magnetic fields could all be used as infection channels to trigger the activation of mobile malware on a massive scale. The paper, titled Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices, was presented in the …
Phil Muncaster, 28 May 2013

Left swipe! That hot Tinder babe is a malware-flinging ROBOT

Hackers are abusing the popular Tinder dating app to spread malware and survey scams using bots and clever social-engineering trickery. Bots are luring users with tempting profiles and pictures using pictures from an Arizona-based photography studio, according to net security firm BitDefender. Some of these images have also been …
John Leyden, 07 Apr 2014

Magic mystery malware menaces many UK machines - new claim

Security researchers have found malware that communicates using an unknown protocol and is largely targeting UK businesses. The mystery software nasty has infected thousands of machines at organisations in finance, education, telecoms and other sectors, we're told. It initially phones home to its masters by establishing a HTTP …
John Leyden, 18 Apr 2013

Japanese police bust poker-playing IT boss for Android malware

Police in the Chiba Prefectural zone of Japan have arrested nine people suspected of making nearly $4m by distributing malware that harvested mobile users' contact information and using it for a fake dating website. The arrests came after a joint operation between the police and Symantec, and the security company reports that …
Iain Thomson, 25 Jul 2013

FBI spooks use MALWARE to spy on suspects' Android mobes - report

The Federal Bureau of Investigation is using mobile malware to infect, and control, suspects' Android handsets, allowing it to record nearby sounds and copy data without physical access to the devices. That's according to "former officers" interviewed by the Wall Street Journal ahead of privacy advocate Christopher Soghoian's …
Bill Ray, 02 Aug 2013

BadNews, fandroids: MILLIONS of Google Play downloads riddled with malware

At least two million Google Play downloads gave Android users an unwanted freebie in the form of BadNews, a piece of malware which masqueraded as a legitimate advertising network. The malware was integrated into 32 different apps in the Google Store, according to mobile security specialist Lookout. Those apps have been …
Bill Ray, 22 Apr 2013

PHP.net resets passwords after malware-flinging HACK FLAP

The team behind popular web programming site PHP.net is in the process of restoring services and tightening security in the aftermath of a hack that exposed visitors to JavaScript-based exploits. Malicious JavaScript code was served to a small percentage of php.net users between 22 and 24 October after two php.net servers were …
John Leyden, 25 Oct 2013

Baby got .BAT: Old-school malware terrifies Iran with del *.*

A surprisingly simple disk-wiping malware has set off alarm bells in Iran after surfacing in the Middle East nation. The software nasty deletes everything on storage drives attached to infected Windows PCs on specific dates, according to the Iranian security emergency response team. The malware was detected in one or more …
John Leyden, 19 Dec 2012

Tibetan and Uyghur activists targeted with Android malware

Researchers at Kaspersky Lab are reporting that Tibetan activists are being hit by a highly targeted form of Android malware that seeks to record their contacts, call logs, SMS messages, geolocation, and phone data. The attack started with the March 24 hacking of an email account belonging to an activist seeking national …
Iain Thomson, 27 Mar 2013

This photo slide scanner costs €60... The bundled malware? That's free

German firm Tchibo has admitted to selling a photographic slide scanner that came pre-packaged with malware. The €60 (£48) 35mm slide scanner, sold by retail outlets and through Tchibo's online store, and manufactured by electronics accessory maker Hama, was infected with the infamous Conficker worm. In an advisory to customers …
John Leyden, 04 Jan 2013

Malware-flingers target gullible corporate bods with office printer spam

Sneaky cybercrooks are disguising links to malicious sites in spam emails posing as messages from Hewlett-Packard ScanJet printers. The attack takes advantage of the fact corporate users often receive emailed messages from scanners and multi-function printers located in their own offices, which contain attachments of the scan …
John Leyden, 09 Apr 2013